
A Role-Based Administrative Model for Administration of Heterogeneous Access Control Policies and its Security Analysis

Information Systems Frontiers

Abstract

Over the past few years, several efforts have been made to enable specification and enforcement of flexible and dynamic access control policies using traditional access control (such as role based access control (RBAC), etc.) and attribute based access control (ABAC). Recently, a unified framework, named MPBAC (meta-policy based access control), has been developed to enable specification and enforcement of heterogeneous access control policies such as ABAC, RBAC and a combination of policies (such as ABAC and RBAC). However, one significant limitation is that no complete administrative model has been developed for heterogeneous access control policies. In this article, we present a complete role-based administrative model (named RAMHAC) for managing heterogeneous access control policies. We also introduce a novel methodology for analyzing heterogeneous access control policies in the presence of RAMHAC by modeling the policies through Datalog facts and using the μZ tool. The administrative model includes a wide range of administrative relations, commands, pre-constraints and post-constraints. A comprehensive experimental evaluation demonstrates the scalability of the proposed approach.


References

  • Aich, S., Mondal, S., Sural, S., & Majumdar, A.K. (2009). ESTARBAC: Role based access control with spatiotemporal context for mobile applications. Transactions on Computational Science, IV, 177–199.

  • Alberti, F., Armando, A., & Ranise, S. (2011a). ASASP: automated symbolic analysis of security policies. In Proceedings of the 23rd international conference on automated deduction (pp. 26–33).

  • Alberti, F., Armando, A., & Ranise, S. (2011b). Efficient symbolic automated analysis of administrative attribute-based RBAC policies. In Proceedings of the 6th ACM symposium on information, computer and communications security (pp. 165–175).

  • Anagnostopoulos, D., Papadopoulos, T., Stamati, T., & Balta, M.E. (2020). Policy and information systems implementation: the greek property tax information system case. Information Systems Frontiers, 22, 791–802.

  • Behrmann, G., David, A., & Larsen, K.G. (2004). A tutorial on UPPAAL. In Proceedings of the formal methods for the design of real-time systems (pp. 200–236).

  • Bertino, E., Bonatti, P.A., & Ferrari, E. (2001). TRBAC: A temporal role-based access control model. ACM Transactions on Information and System Security, 4(3), 191–233.

  • Bhatt, S., Patwa, F., & Sandhu, R.S. (2016). An attribute-based access control extension for openstack and its enforcement utilizing the policy machine. In 2nd IEEE international conference on collaboration and internet computing (pp. 37–45).

  • Biswas, P., Sandhu, R.S., & Krishnan, R. (2016). Uni-arbac: A unified administrative model for role-based access control. In Proceedings of the 19th international conference on information security (pp. 218–230).

  • de Moura, L., & Bjørner, N. (2008). Z3: an efficient SMT solver. In Proceedings of the 14th conference on tools and algorithms for the construction and analysis of systems (pp. 337–340).

  • Fernández, M., Mackie, I., & Thuraisingham, B. (2019). Specification and analysis of abac policies via the category-based metamodel. In Proceedings of the Ninth ACM conference on data and application security and privacy (pp. 173–184).

  • Ferraiolo, D., & Atluri, V. (2008). A meta model for access control: Why is it needed and is it even possible to achieve?. In Proceedings of the 13th ACM symposium on access control models and technologies (pp. 153–154).

  • Ferrara, A.L., Madhusudan, P., & Parlato, G. (2012). Security analysis of role-based access control through program verification. In Proceedings of the IEEE 25th computer security foundations symposium (pp. 113–125).

  • Ferrara, A.L., Madhusudan, P., & Parlato, G. (2013). Policy analysis for self-administrated role-based access control. In Proceedings of the 19th international conference on tools and algorithms for the construction and analysis of systems (pp. 432–447).

  • Ferrara, A.L., Madhusudan, P., Nguyen, T.L., & Parlato, G. (2014). VAC- verifier of administrative role-based access control policies. In Proceedings of the international conference on computer aided verification (pp. 184–191).

  • Geepalla, E., Bordbar, B., & Last, J. (2012). Transformation of spatio-temporal role based access control specification to alloy. In Proceedings of the 2nd international conference on model and data engineering (pp. 67–78).

  • Gofman, M.I., Luo, R., Solomon, A.C., Zhang, Y., Yang, P., & Stoller, S.D. (2009). RBAC-PAT: a policy analysis tool for role based access control. In Proceedings of the international conference on tools and algorithms for the construction and analysis of systems (pp. 46–49).

  • Gupta, M., & Sandhu, R. (2016). The GURAG administrative model for user and group attribute assignment. In Proceedings of the 10th international conference on network and system security (pp. 318–332).

  • Hu, V.C., Ferraiolo, D., Kuhn, R., Friedman, A.R., Lang, A.J., Cogdell, M.M., Schnitzer, A., Sandlin, K., Miller, R., & Scarfone, K. (2013). Guide to Attribute Based Access Control (ABAC) Definition and Considerations (Draft). https://csrc.nist.gov/csrc/media/publications/sp/800-162/final/documents/sp800_16-2_draft.pdf.

  • Hwang, J., Xie, T., Hu, V., & Altunay, M. (2010). ACPT: a tool for modeling and verifying access control policies. In Proceedings of the IEEE international symposium on policies for distributed systems and networks (pp. 40–43).

  • Jackson, D. (2002). Alloy: a lightweight object modelling notation. ACM Transaction Software Engineering and Methodology, 11(2), 256–290.

  • Jayaraman, K., Ganesh, V., Tripunitara, M., Rinard, M., & Chapin, S. (2011). Automatic error finding in access-control policies. In Proceedings of the 18th ACM conference on computer and communications security (pp. 163–174).

  • Jha, S., Li, N., Tripunitara, M., Wang, Q., & Winsborough, W. (2008). Towards formal verification of role-based access control policies. IEEE Transactions on Dependable and Secure Computing, 5(4), 242–255.

  • Jha, S., Sural, S., Vaidya, J., & Atluri, V. (2014a). Security analysis of temporal RBAC under an administrative model. Computers & Security, 46, 154–172.

  • Jha, S., Sural, S., Vaidya, J., & Atluri, V. (2014b). Temporal RBAC security analysis using logic programming in the presence of administrative policies. In Proceedings of the international conference on information systems security (pp. 129–148).

  • Jha, S., Sural, S., Atluri, V., & Vaidya, J. (2016). An administrative model for collaborative management of ABAC systems and its security analysis. In Proceedings of the IEEE 2nd international conference on collaboration and internet computing (pp. 64–73).

  • Jha, S., Sural, S., Atluri, V., & Vaidya, J. (2018). Security analysis of ABAC under an administrative model. IET Information Security, 13(2), 96–103.

  • Jin, X., Krishnan, R., & Sandhu, R. (2012). A role-based administration for attributes. In Proceedings of the first international workshop on secure and resilient architectures and systems (pp. 7–12).

  • Jin, X., Krishnan, R., & Ravi, S. (2013). Reachability analysis for role based administration of attributes. In Proceedings of the 2013 ACM workshop on digital identity management (pp. 73–84).

  • Joshi, J.B.D., Bertino, E., Latif, U., & Ghafoor, A. (2005). Generalized temporal role based access control model (GTRBAC). IEEE Transactions on Knowledge and Data Engineering 4–23.

  • Kam, H.J., Mattson, T., & Goel, S. (2020). A cross industry study of institutional pressures on organizational effort to raise information security awareness. Information Systems Frontiers, 22, 1241–1264.

  • Kang, M., & Hovav, A. (2020). Benchmarking methodology for information security policy (bmisp): Artifact development and evaluation. Information Systems Frontiers, 22, 221–242.

  • Karimikia, H., Safari, N., & Singh, H. (2020). Being useful: How information systems professionals influence the use of information systems in enterprises. Information Systems Frontiers, 22, 429–453.

  • Li, N., & Tripunitara, M.V. (2006). Security analysis in role-based access control. ACM Transactions on Information and System Security, 9(4), 391–420.

  • Mondal, S., Sural, S., & Atluri, V. (2011). Security analysis of GTRBAC and its variants using model checking. Computers & Security, 30(2–3), 128–147.

  • Ninglekhu, J., & Krishnan, R. (2017a). AARBAC: attribute-based administration of role-based access control. In Proceedings of the 3rd IEEE international conference on collaboration and internet computing (pp. 126–135).

  • Ninglekhu, J., & Krishnan, R. (2017b). Attribute based administration of role based access control : a detail description. arXiv:1706.03171.

  • Ninglekhu, J., & Krishnan, R. (2017c). A model for attribute based role-role assignment (ARRA). arXiv:1706.10274.

  • Rajkumar, P.V., & Sandhu, R.S. (2016). POSTER: security enhanced administrative role based access control models. In Proceedings of the 2016 ACM SIGSAC conference on computer and communications security (pp. 1802–1804).

  • Rajpoot, Q.M., Jensen, C.D., & Krishnan, R. (2015). Attributes enhanced role-based access control model. In Proceedings of the 12th international conference on trust, privacy and security in digital business (pp. 3–17).

  • Sandhu, R., Bhamidipati, V., & Munawer, Q. (1999). The ARBAC97 model for role-based administration of roles. ACM Transactions on Information and System Security, 2(1), 105–135.

  • Sandhu, R.S., Coyne, E.J., Feinstein, H.L., & Youman, C.E. (1996). Role-based access control models. IEEE Computer, 29(2), 38–47.

  • Sasturkar, A., Yang, P., Stoller, S.D., & Ramakrishnan, C. (2011). Policy analysis for administrative role-based access control. Theoretical Computer Science, 412(44), 6208–6234.

  • Schaad, A., & Moffett, J.D. (2002). A lightweight approach to specification and analysis of role-based access control extensions. In Proceedings of the 7th symposium on access control models and technologies (pp. 13–22).

  • Shafiq, B., Masood, A., Joshi, J., & Ghafoor, A. (2005). A role-based access control policy verification framework for real-time systems. In Proceedings of the 10th IEEE international workshop on object-oriented real-time dependable systems (pp. 13–20).

  • Sharma, M., Sural, S., Atluri, V., & Vaidya, J. (2013a). AMTRAC: An administrative model for temporal role-based access control. Computers & Security, 39, 201–218.

  • Sharma, M., Sural, S., Atluri, V., & Vaidya, J. (2013b). An administrative model for spatio-temporal role based access control. In Proceedings of the 9th international conference on information and system security (pp. 375–389).

  • Singh, M.P., Sural, S., Atluri, V., Vaidya, J., & Yakub, U. (2015). Managing multi-dimensional multi-granular security policies using data warehousing. In Proceedings of the 9th international conference on network and system security (pp. 221–235).

  • Singh, M.P., Sural, S., Atluri, V., & Vaidya, J. (2019a). Security analysis of unified access control policies. In International conference on secure knowledge management in artificial intelligence era.

  • Singh, M.P., Sural, S., Vaidya, J., & Atluri, V. (2019b). Managing attribute-based access control policies in a unified framework using data warehousing and in-memory database. Computers & Security 183–205.

  • Stoller, S.D., Yang, P., Ramakrishnan, C.R., & Gofman, M.I. (2007). Efficient policy analysis for administrative role based access control. In Proceedings of the 14th ACM conference on computer and communications security (pp. 445–455).

  • Toahchoodee, M., & Ray, I. (2011). On the formalization and analysis of a spatio-temporal role-based access control model. Journal of Computer Security, 19(3), 399–452.

  • Trang, S., & Brendel, B. (2019). A meta-analysis of deterrence theory in information security policy compliance research. Information Systems Frontiers, 21, 1265–1284.

  • Uzun, E., Atluri, V., Sural, S., Vaidya, J., Parlato, G., Ferrara, A.L., & Parthasarathy, M. (2012). Analyzing temporal role based access control models. In Proceedings of the 17th ACM symposium on access control models and technologies (pp. 177–186).

Acknowledgments

Research reported in this publication was supported by the National Science Foundation under awards CNS-1564034, CNS-1624503, CNS-1747728 and the National Institutes of Health under awards R01GM118574 and R35GM134927. The work of Shamik Sural was partially supported by the Fulbright Program. The content is solely the responsibility of the authors and does not necessarily represent the official views of the agencies funding the research.

Author information

Corresponding author

Correspondence to Mahendra Pratap Singh.

Additional information

Publisher’s Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Appendices

Appendix A: Review of Proposed and Existing Approaches

In this section, we present a comparison of several tools and compare the proposed approach with existing approaches.

As shown in Table 10, Alloy and CPN are used to analyze RBAC policies in the presence and absence of ARBAC97 in Schaad and Moffett (2002) and Shafiq et al. (2005), respectively. Jha et al. (2008) present a logic programming and model checking based approach to analyze RBAC policies using the administrative model (Sandhu et al., 1999). Stoller et al. (2007) analyze miniRBAC and miniARBAC policies through the RBAC-PAT tool. In Jayaraman et al. (2011), the MOHAWK tool is used for analyzing RBAC policies through the administrative component URA97. In Alberti et al. (2011b), a tool named ASASP is presented for analyzing RBAC policies in the presence of the URA97 component of ARBAC97 (Sandhu et al., 1999). Sasturkar et al. (2011) present algorithms to analyze the user-role reachability security property of ARBAC97, which is used to manage miniRBAC policies. On the other hand, Ferrara et al. (2012) present an approach for analyzing RBAC policies through the VAC tool and an abstraction technique generally employed in program verification.

Table 9 Comparison of security analysis tools
Table 10 Comparison of existing security analysis approaches

An approach for analyzing self-administrative RBAC policies is presented in Ferrara et al. (2013); it uses model checking and an abstraction technique generally employed in program verification. In Jha et al. (2014a) and Jha et al. (2014b), security properties of TRBAC are analyzed in the presence of AMTRAC using Alloy and Prolog, respectively. In Mondal et al. (2011), the security properties of GTRBAC (Joshi et al., 2005) are analyzed through a model checking based approach. The reachability security property of TRBAC (Bertino et al., 2001) is verified in the presence of ARBAC (Sandhu et al., 1999) using a role and rule schedule strategy in Uzun et al. (2012). In Geepalla et al. (2012), the security properties of STRBAC are analyzed using Alloy without reference to any administrative model. The security properties of STRBAC are analyzed using CPN in Toahchoodee and Ray (2011).

Appendix B: Preliminaries

This section presents a concise description of the components of RBAC and ABAC and also introduces MPBAC.

B.1 RBAC (Sandhu et al., 1996)

In RBAC, a permission defines a task that users are supposed to perform through a role. A role gets a permission through a role-to-permission association, and a user can acquire a role through a user-to-role association. A role can take another role’s permissions through a role-to-role association. In RBAC, a state is a 3-tuple (UR, RH, RP), where UR, RH and RP represent a set of user-role associations, a set of role-role associations and a set of role-permission associations, respectively.

B.2 ABAC (Hu et al., 2013)

In ABAC, resources are protected through attributes of users, objects and environment. These attributes can have multiple values. A policy in ABAC is a 4-tuple (UAV, OAV, EC, AC), where UAV, OAV, EC and AC represent a set of user attribute-value assignments, a set of object attribute-value assignments, a set of environmental conditions and a set of access rights, respectively. A state in ABAC is a 4-tuple (UUAV, OOAV, EAC, P), where UUAV, OOAV, EAC and P, respectively, denote a set of user-to-user attribute value assignments, a set of object-to-object attribute value assignments, a set of environmental conditions and a set of policies.

In ABAC as well as RBAC, a state is safe if it does not permit unauthorized access. An administrative user can modify the states of ABAC or RBAC, and a modification to any component of an ABAC state (UUAV, OOAV, EAC, P) or an RBAC state (UR, RH, RP) leads to a state change that may move a system from an authorized state to an unauthorized state. Therefore, to safeguard a system from unauthorized access, it is necessary to analyze the effect of each modification in the presence of the administrative model.

B.3 MPBAC (Singh et al., 2019b)

In Singh et al. (2019b), an approach is presented to enable specification and enforcement of meta-policy based access control (MPBAC). A meta-policy is defined as a combination of security policies that can contain multiple policies (such as ABAC and RBAC) as sub-policies. To evaluate the outcome of such a policy, two types of policy result combining approaches (PRCAs) are used: i) allow access if any sub-policy allows access, ii) allow access if all sub-policies allow access. The former approach permits access when at least one sub-policy allows access. In contrast, the latter grants access only when all sub-policies allow access.

Additionally, to specify and evaluate liberal and strict MPBAC policies, security policies (such as ABAC, RBAC) and PRCAs are grouped into four categories: i) single policy combination and single PRCA, ii) single policy combination and multiple PRCAs, iii) multiple policy combinations and single PRCA, iv) multiple policy combinations and multiple PRCAs.
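The following added example (plain Python, not the authors' RAMHAC model or their Datalog/μZ encoding) evaluates an RBAC state, an ABAC state and a meta-policy under both PRCAs, then re-checks safety after one administrative change. All users, roles, attributes and permissions are constructed, and the (senior, junior) reading of RH and the subset matching of attributes and conditions are assumptions of this sketch.

```python
# Constructed example: every user, role, attribute and permission below is made up.

def rbac_allows(state, user, perm):
    """RBAC state is (UR, RH, RP); RH pairs are read as (senior, junior)."""
    ur, rh, rp = state
    roles = {r for (u, r) in ur if u == user}
    frontier = set(roles)
    while frontier:  # inherit junior roles through role-role associations
        frontier = {j for (s, j) in rh if s in frontier} - roles
        roles |= frontier
    return any((r, perm) in rp for r in roles)

def abac_allows(state, user, obj, env, right):
    """ABAC state is (UUAV, OOAV, EAC, P); each policy in P is (UAV, OAV, EC, AC)."""
    uuav, ooav, eac, policies = state
    u_attrs = {(a, v) for (u, a, v) in uuav if u == user}
    o_attrs = {(a, v) for (o, a, v) in ooav if o == obj}
    holding = env & eac  # only conditions known to the state count
    return any(uav <= u_attrs and oav <= o_attrs and ec <= holding and right in ac
               for (uav, oav, ec, ac) in policies)

def mpbac_allows(decisions, prca):
    """Combine sub-policy results: 'any' is the liberal PRCA, 'all' the strict one."""
    if prca not in ("any", "all"):
        raise ValueError(f"unknown PRCA: {prca}")
    if not decisions:  # no sub-policy evaluated: deny, since all([]) would be True
        return False
    return any(decisions) if prca == "any" else all(decisions)

def decide(rbac, abac, prca, user, obj, right, env):
    return mpbac_allows([rbac_allows(rbac, user, (right, obj)),
                         abac_allows(abac, user, obj, env, right)], prca)

def is_safe(rbac, abac, prca, requests, authorized, env):
    """A state is safe if no request outside the authorized set is granted."""
    return not any(decide(rbac, abac, prca, u, o, r, env)
                   for (u, o, r) in requests if (u, o, r) not in authorized)

UR = {("alice", "doctor")}
RH = {("doctor", "nurse")}
RP = {("nurse", ("read", "record1"))}
ABAC = (
    {("alice", "dept", "cardiology"), ("bob", "dept", "billing")},   # UUAV
    {("record1", "dept", "cardiology")},                             # OOAV
    {"working_hours"},                                               # EAC
    [(frozenset({("dept", "cardiology")}), frozenset({("dept", "cardiology")}),
      frozenset({"working_hours"}), frozenset({"read"}))],           # P
)
REQUESTS = [("alice", "record1", "read"), ("bob", "record1", "read")]
AUTHORIZED = {("alice", "record1", "read")}
ENV = {"working_hours"}

def after_admin_change():
    """An administrative command adds (bob, nurse) to UR; re-check safety per PRCA."""
    changed = (UR | {("bob", "nurse")}, RH, RP)
    return {p: is_safe(changed, ABAC, p, REQUESTS, AUTHORIZED, ENV)
            for p in ("any", "all")}
```

The same user-role assignment leaves the strict ("all") meta-policy safe but makes the liberal ("any") one unsafe, which is why each administrative modification has to be analyzed against the combining approach in force.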

About this article

Cite this article

Singh, M.P., Sural, S., Vaidya, J. et al. A Role-Based Administrative Model for Administration of Heterogeneous Access Control Policies and its Security Analysis. Inf Syst Front (2021). https://doi.org/10.1007/s10796-021-10167-z

  • DOI: https://doi.org/10.1007/s10796-021-10167-z
